Wyden Tells FTC: Unchecked Automakers Are Still Spying On Their Customers At Massive Scale
Automakers are among the worst tech" companies in America when it comes to your privacy. They hoover up an ocean of contact, location and behavior data from your car and phone, don't really clearly tell you they're doing it, then sell access to that data to a rotating crop of super dodgy and largely unregulated data brokers who routinely fail to secure it properly.
Last March the New York Times revealed that automakers like GM also routinely sell access to driver behavior data to insurance companies, which then use that data tojustify jacking up your rates. The practice isn't clearly disclosed to consumers, and resulted in 11 federal lawsuits in less than a month.
An update from Senator Ron Wyden's office indicates automakers haven't changed their habits yet. His office took a specific look at GM, Honda, and Hyundai, who use dark patterns" (read: deception) to trick users into sharing access to all manner of sensitive data. The companies then turn around and sell access to data brokers like Verisk for less money than you'd think:
Hyundai shared data from 1.7 million cars with Verisk, which paid Hyundai $1,043,315.69, or 61 cents per car...Honda shared data from 97,000 cars with the data broker Verisk, which paid Honda $25,920, or 26 cents per car."
Again, this data includes everything from the way you drive and where you drive, to data gleaned from your phone. This data is then openly sold to data brokers who often fail to secure it. Wyden's office recently found that one data broker sold the location data of abortion clinic visitors to right wing activists, who then used the data to target vulnerable women with health care misinformation.
To be clear: (and this is something that routinely gets lost in press coverage and analysis) this is all made possible because the U.S. is too corrupt to pass even a baseline privacy law for the internet era. Companies and their executives know there's no real punishment for lax security and privacy standards outside of the occasional wrist slap fine, so nothing really changes.
Last year Mozilla released a report showcasing how the auto industry hassome of the worst privacy practicesof any tech industry in America (no small feat). Massive amounts of driver behavior is collected by your car, and even more is hoovered up from your smartphone every time you connect. This data isn't secured, often isn't encrypted, and is sold to a long list of dodgy, unregulated middlemen. It's only a matter of time before we see a scandal that makes all past scandals look quaint in comparison.
Wyden's office is clear to note that what's been uncovered so far is likely only the tip of the iceberg" when it comes to the sloppy collection and monetization of user data, and urged the FTC to hold automakers, data brokers, and company executives accountable.